There are data breaches just about every day, as high-profile hacks of companies and governments have almost become commonplace.
But there at least a few incidents that truly stand out among the thousands of others. They are a bit impressive.
These are hacks we felt had some of the biggest impacts over the past decade. Let’s take a look at it.
Recommended: 14 Best Instant Messenger Apps For Android
The “first major cyber conflict” was launched against Estonia in 2007 — a 21-day assault on its networks and websites that many believe was Russian-led.
It was dubbed “Web War One.”The impressive hacks of the last decade
At about 10 p.m. on April 27, 2007, the Estonian government noticed that many of its websites were kicked offline. The hackers defaced the websites of its president, ministries, and Parliament.
Others shared tips for coordinating distributed denial-of-service attacks on the country’s financial sector and media sites. For 21 days, Estonia fought a war carried out entirely in cyberspace, which began after it decided to remove a Soviet-era statue from its capital.
Estonia accused the Russian government of carrying out the attack, though it was more likely carried out by incensed Russian hackers, who were not actually state-sponsored. Still, as Wired wrote, “Never before had an entire country been targeted on almost every digital front all at once, and never before had a government itself fought back.”
The attacks stopped entirely on May 18, 2007, at 11 p.m., according to Adam Segal’s book “The Hacked World Order.”
“Estonia was briefly cut off from the rest of the world, but the Internet remained accessible within the country. The damage of the attack was instead highly psychological, putting Estonia’s digital vulnerability in stark relief.”
As Segal noted of the postmortem, Estonia had some soul-searching to do in its preparation and defenses against cyber attack, which proved inadequate. It eventually created a “Cyber Defense League” and has drastically increased its annual spending on cyber security.
The massive malware infection of the US government’s classified networks in 2008 forced the Pentagon to create a new military unit dedicated to cyber threats.The impressive hacks of the last decade
The Secret Internet Protocol Router Network, or SIPRNet, where the US military shares classified documents and chats, and the Joint Worldwide Intelligence Communication System (JWICS) for sharing top-secret information around the world was supposed to be “air-gapped,” or cut off from the normal Internet.
But that didn’t stop a worm dubbed Agent.btz from moving undetected through both those classified systems and other unclassified systems in 2008 due to an infected USB thumb drive.
Fortunately, the worm on SIPRNET and JWICS wasn’t able to communicate with its creator due to the air gap, though it’s unclear what information it gleaned from systems that were connected to the internet.
The worm was relatively-unsophisticated, but it still took the military nearly 14 months to get rid of in an operation called Buckshot Yankee, which included a complete ban on the use of portable thumb drives.
“It was a great catalyst,” then-NSA Director Gen. Keith Alexander told The Washington Post.
Established in June 2009 and co-located at NSA headquarters in Fort Meade, Md., Cyber Command became the central hub of the Pentagon’s cyberspace operations, unifying all of the military cyber branches under it.
Its establishment also inspired other countries to stand up their own versions as well, to include the United Kingdom and South Korea.
The 2009 Stuxnet attack by the US and Israel against Iranian nuclear sites marked the first time a cyber weapon was successfully used to destroy physical infrastructure.The impressive hacks of the last decade
In 2006, then-President George W. Bush was increasingly worried about Iranian efforts at enriching uranium, and ultimately, its hopes to build an atomic bomb.
But he was mired in the Iraq war and had few options beyond air strikes or another full-scale war in the Middle East, which Israel was pushing for. So, his military leaders gave him a third option: a weapon that could potentially set back Iran’s nuclear ambitions, while leaving no trace of the attacker.
It was the world’s first cyber weapon, code-named “Olympic Games” and later called “Stuxnet” by computer security researchers.
And it worked. Too well.
The code made its way into the facility and infected the specific industrial control systems the Iranians were using. Once it turned itself on about 13 days after infection, it sped up or slowed down the centrifuges until they destroyed themselves — all while the operators’ computer screens showed everything was working as normal.
But at some point, the powerful computer code escaped and made its way out. It had an unheard number of zero-day exploits (four, to be precise), which are software vulnerabilities unknown to the target that has “zero days” to protect themselves. Making matters worse, its self-replicating behavior ended up infecting computers around the world.
Though Iran initially had no idea it was attacked by a cyber weapon, believing its scientists and engineers were incompetent due to the failures, eventually, the code escaped and worldwide infections led computer researchers to study it, and the idea of leaving “no trace” of the attacker was gone.
“We’ve never seen this before,” Liam O’Murchu, a director at Symantec, says in the new film “Zero Days.” “We’ve actually never seen this since, either.”
Though it turns out, Stuxnet was only the beginning. The US also had a top-secret cyber weapon that could have taken out most of Iran’s infrastructure — without a single bomb dropped.
Known as Operation Nitro Zeus, the sophisticated cyber attack plan gave the US access to Iran’s air defense systems so it could not shoot down planes, its command-and-control systems so communications would go dead, and infrastructures like the power grid, transportation, and financial systems.
“The science fiction cyber war scenario is here. That’s Nitro Zeus,” a source says in the film”Zero Days.”
But Iran showed it could hit back in cyberspace when it perpetrated the biggest hack in history against Saudi Aramco in 2012.
One of the ironies to come of the Stuxnet attack was the rise of an Iranian hacker army.
Not soon after its centrifuges were destroyed, Iran built up a cyber army backed by the highest levels of its government with nearly $20 million in funding to its Revolutionary Guard Corps.
Though Iranian hackers launched cyber attacks against the US financial sector and broke into the control system of a dam in upstate New York, their biggest hack came in 2012.
In August of that year, Iranian hackers broke into Saudi Arabia’s state-owned oil company, Saudi Aramco, and wiped or totally destroyed 35,000 computers. After an emailed phishing link was clicked on by one of the company’s information technology staff, within a matter of hours, the hackers had turned back the clock and pushed one of the world’s biggest oil companies back to using typewriters and handwritten contracts.
The attack was mentioned in a leaked Snowden document as being observed by the National Security Agency: “Iran … has demonstrated a clear ability to learn from the capabilities and actions of others,” the document said.
And now, Iran has the fourth largest cyber army in the world, just behind Russia, China, and the United States.
Then there was the hack of the world’s largest Bitcoin exchange in 2013, in which hackers apparently made off with $460 million in stolen cash.The impressive hacks of the last decade
The rocky ride of the digital crypto currency known as Bitcoin got much more volatile after the company operating its largest exchanged folded and went bankrupt in early 2014.
The big reason for the downfall of Mt. Gox, which handled more than three-quarters of the world’s Bitcoin trade, was due to a massive hack that saw the theft of 850,000 bitcoins.
It amounted to $460 million at the time (it’s now up to $568 million — quite a heist).
As The Stanford Review noted, frustrated Mt. Gox customers turned to the Bitcoin subreddit to vent of college funds and retirement savings being among the casualties. And to the greater Bitcoin community, the site’s downfall signaled that perhaps Bitcoin itself could be in trouble.
After the massive 2014 breach against Sony, the US pointed the finger at North Korea — the first time it had ever publicly blamed a foreign nation for a cyber attack.The impressive hacks of the last decade
The 2014 hack of Sony Entertainment was remarkable for both what happened during, but mostly for what came afterward.
The attack resulted in the leaks of thousands of private emails, social security numbers, unreleased films, and a complete data wipe of half of the company’s network. The company pulled its film “The Interview” from theaters, and its chairman Amy Pascal resigned over her controversial emails being made public.
Amid a major hack in size and scope, the President made a surprising announcement at his 2014 end of the year press conference, when he attributed the attack to North Korea. It was the first time the US had blamed another country for a destructive cyber attack, according to The Washington Post.
The 2015 leak of 25 gigabytes of data hacked from the adultery website Ashley Madison had offline ramifications, to include exposed users being shamed, getting divorced, or in some cases, even committing suicide.The impressive hacks of the last decade
There are more than a few big data breaches every day, which often expose affected users to future spam emails and the inconvenience of having to change a password, and that’s it.
But a hack of the adultery website Ashley Madison had more dire consequences for those affected.
In July 2015, the hacking group calling itself “The Impact Team” breached the servers of Avid Life Media, which owned the site, and stole reams of data, to include user information, internal emails, and a complete map of its servers. Alongside a small sample of the data, it demanded the company shut down the site permanently, or it would leak the data.
The company said no. The hackers did what they said they would do. And their threat that the company would be “liable for fraud and extreme harm to millions of users” turned out to be very true.
With the massive listing of email address, phone numbers, credit cards, and other private information exposed on the internet, reporters reached out to speak with some victims.
“This will wreck my marriage,” Tom, a Kentucky man who requested anonymity, told the website Fusion.
And cyber criminals realized how the embarrassment from being in such a database could be used to extort money. In targeted emails, extortionists demanded Bitcoin in exchange for them not telling the victim’s spouse, according to journalist Brian Krebs.
There were at least two unconfirmed suicides related to the breach. And there were even innocent bystanders caught up since people could use any email address they wanted to sign up. At least 16 people signed up for the site using email variations for the President of the United States.
Meanwhile, Avid Life Media suffered from the devastating amount of negative publicity, a massive class-action lawsuit, and the resignation of its CEO.
But it did not shutter its operations. Instead, the company was trying this month to re-launch and re-brand under new management.
So, these were some of the best and impressive hacks of the decade you must know about.